fedora-copr / vcs-diff-lint-action

Differential code linting GitHub action

feat: Enable users to take advantage of the SARIF format #8

Closed jamacku closed 1 year ago

jamacku commented 1 year ago

Use csgrep to save defects in SARIF format and return the file's location in the sarif output.

Path to SARIF file can be accessed using ${{ steps.<id>.outputs.sarif }}.

Tested in:

praiskup commented 1 year ago

An idea: The usage pattern is now a bit more complicated (checkout, diff lint, upload sarif). I'm curious whether we could encapsulate and call those from within the action?

jamacku commented 1 year ago

In Differential ShellCheck we use PUT https://api.github.com/repos/${GITHUB_REPOSITORY}/code-scanning/analysis for uploading SARIF, but I don't know how reliable it will be in future since it's not documented anywhere. And in GitHub docs they always mention using github/codeql-action/upload-sarif.

But I agree. The setup is a bit more complicated now with SARIF.
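The three-step pattern discussed in this thread (checkout, diff lint, upload SARIF), as an added example workflow that is not part of the pull request or the comments above. The step id `lint`, the job name, the action version tags and the `fetch-depth` setting are assumptions; only the `sarif` output name and the use of `github/codeql-action/upload-sarif` come from the thread.

```yaml
---
name: Differential lint with SARIF upload

on:
  pull_request:
    branches: [main]

# Start with no token permissions and grant only what each job needs.
permissions: {}

jobs:
  diff-lint:
    runs-on: ubuntu-latest

    permissions:
      # Read the repository contents for checkout.
      contents: read
      # Required by upload-sarif to write code scanning results.
      security-events: write

    steps:
      - name: Repository checkout
        uses: actions/checkout@v4   # version tag is an assumption
        with:
          # Assumption: full history so the base and head commits
          # are both available for the differential comparison.
          fetch-depth: 0

      - name: VCS Diff Lint
        id: lint                    # hypothetical step id
        uses: fedora-copr/vcs-diff-lint-action@v1   # version tag is an assumption

      - name: Upload SARIF to GitHub code scanning
        # Run even if the lint step ended with a failure, so that
        # any SARIF file it produced still reaches code scanning.
        if: ${{ always() }}
        uses: github/codeql-action/upload-sarif@v3  # version tag is an assumption
        with:
          # Path returned by the action in its `sarif` output.
          sarif_file: ${{ steps.lint.outputs.sarif }}
```

Pinning the three actions to full commit SHAs instead of tags keeps a retagged release from changing what runs with the `security-events: write` token.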